The PIN Security Requirement 18-3 Key Blocks Information Supplement provides a series of FAQs to help PIN acquiring entities with implementation of key blocks in accordance with requirement 18-3 in the PCI PIN Security Requirements v3.0. It is supplemental to the PCI SSC Cryptographic Key Blocks Information Supplement.
View this resource for guidance on implementation per the phases outlined in the PCI PIN Security Requirements:
- Phase 1 – Implement Key Blocks for internal connections and key storage within service provider environments – this would include all applications and databases connected to hardware security modules (HSM). Effective date: 1 June 2019.
- Phase 2 – Implement Key Blocks for external connections to associations and networks. Estimated timeline for this phase is 24 months following Phase 1, or 1 June 2021.
- Phase 3 – Implement Key Block to extend to all merchant hosts, point-of-sale (POS) devices and ATMs. Estimated timeline for this phase is 24 months following Phase 2 or 1 June 2023.